In September we introduced a new breed of Chrome Apps that work offline by default and act like native applications on the host operating system. These Chrome Apps are currently available on all desktop platforms. Today we're expanding their reach to mobile platforms with an early developer preview of a toolchain based on Apache Cordova, an open-source mobile development framework for building native mobile apps using HTML, CSS and JavaScript.

The toolchain wraps your Chrome App with a native application shell and enables you to distribute your app via Google Play and the Apple App Store. We provide a simple developer workflow for packaging a Chrome App natively for mobile platforms. You can run your Chrome App on a device or emulator using the command-line or an IDE. Alternatively, you can use the Chrome Apps Developer Tool to run your app on an Android device without the need to install an IDE or the mobile platform’s SDK.

We’ve made many of the core Chrome APIs available to Chrome Apps running natively on mobile, including:

In addition to the above Chrome APIs, you have access to a wide range of APIs supported in the Cordova platform.

For web developers, this toolchain provides a simple workflow for extending the reach of Chrome Apps to users on mobile platforms. The toolchain is in developer preview mode, and we expect to continually improve it based on your feedback. To get started, take a look at our dev workflow and sample apps. As always, we welcome your feedback on Stack Overflow, our G+ Developers page, or our developer forum.

Security is a core tenet of Chromium, which is why we hold regular competitions to learn from security researchers. Contests like Pwnium help us make Chromium even more secure. This year Pwnium 4 will once again set sights on Chrome OS, and will be hosted in March at the CanSecWest security conference in Vancouver.

With a total of $2.71828 million USD in the pot (mathematical constant e for the geeks at heart), we’ll issue Pwnium rewards for eligible Chrome OS exploits at the following levels:

$110,000 USD: browser or system-level compromise in guest mode or as a logged-in user, delivered via a web page.

New this year, we will also consider significant bonuses for demonstrating a particularly impressive or surprising exploit. Potential examples include defeating kASLR, exploiting memory corruption in the 64-bit browser process or exploiting the kernel directly from a renderer process.

Past Pwnium competitions have focused on Intel-based Chrome OS devices, but this year researchers can choose between an ARM-based Chromebook, the HP Chromebook 11 (WiFi), or the Acer C720 Chromebook (2GB WiFi) that is based on the Intel Haswell microarchitecture. The attack must be demonstrated against one of these devices running the then-current stable version of Chrome OS.

Any software included with the default installation may be used as part of the attack. For those without access to a physical device, the Chromium OS developer’s guide offers assistance on getting up and running inside a virtual machine, but note that a virtual environment might differ from the physical devices where the attack must be demonstrated.

To make sure everyone has enough time to demonstrate their exploit, we will require participants to register in advance for a timeslot. To register, e-mail pwnium4@chromium.org. Registration will close at 5:00 p.m. PST Monday, March 10th, 2014. Only exploits demonstrated on time in this specifically-arranged window will be eligible for a reward.

The official rules contain more details, but standard Pwnium rules apply: the deliverable is the full exploit, with explanations for all individual bugs used (which must be unknown); and exploits should be served from a password-authenticated and HTTPS-supported Google App Engine URL.

See you in Vancouver!

Signed by Jorge Lucángeli Obes, Security Engineer and Master of Ceremonies

Today’s Chrome Beta channel release kicks off the new year with a slew of new features for developers ranging from Custom Elements, to web speech synthesis and improved WebFont downloading. Unless otherwise noted, changes apply to desktop versions of Chrome and Chrome for Android.

Custom Elements

With Custom Elements, web developers can define new types of HTML elements to use in their web applications. The spec is one of several new API primitives landing under the Web Components umbrella. It brings abstraction and modularity to the web platform by allowing developers to:

As described in the original NPAPI deprecation announcement, Chrome has begun blocking webpage-instantiated NPAPI plug-ins by default on the Stable channel. Mac and Windows NPAPI support will be completely phased out by the end of the year, and on Linux Chromium will no longer support NPAPI plug-ins starting as early as April.

As a web developer, you know that your users are moving to mobile platforms in droves. Beginning today, you can learn how to apply your web development skills to build great mobile web apps with Mobile Web Development (CS256)—a new Udacity MOOC training course.

In each of the course’s 12 lessons, you can watch short videos teaching you the latest mobile web development techniques, and follow a series of quizzes and interactive code challenges that will test your knowledge. Specifically, you will learn how to build web experiences that adapt to different screen sizes, how to program touch interaction, and how to configure web experiences to work great even when network conditions are suboptimal. You’ll also learn to investigate performance in mobile applications using Chrome DevTools, with a strong emphasis on mobile networking.

We’ll also be running a study group for the first several weeks of the course. The study group will be livestreamed (and recorded) from the Google Developer Live studio and course instructors Sean, Chris, and Peter will be there to answer any questions you might have and help you out with the course material.